Sign-up

ID

VAR-200802-0496


CVE

CVE-2008-0590


TITLE

SSH have Ipswitch WS_FTP Server Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2008-004031

DESCRIPTION

Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command. Ipswitch WS_FTP is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service. This issue affects WS_FTP 6.1.0.0; other versions may also be affected. Progress Software Ipswitch WS_FTP Server is a set of file transfer solutions provided by Progress Software in the United States. It provides functions such as file transfer control and transfer encryption. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: IpSwitch WS_FTP Server with SSH Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA28753 VERIFY ADVISORY: http://secunia.com/advisories/28753/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: WS_FTP Server 6.x http://secunia.com/product/14782/ DESCRIPTION: securfrog has discovered a vulnerability in IpSwitch WS_FTP Server with SSH, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error in the SSH Server Service (SSHServer.exe) when handling arguments to the "opendir" command. This can be exploited to cause a stack-based buffer overflow by passing an overly long argument to the affected command. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in IpSwitch WS_FTP Server with SSH version 6.1. SOLUTION: Grant only trusted users access to the SSH Server Service. PROVIDED AND/OR DISCOVERED BY: securfrog ORIGINAL ADVISORY: http://www.milw0rm.com/exploits/5044 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-0590 // JVNDB: JVNDB-2008-004031 // BID: 27573 // VULHUB: VHN-30715 // PACKETSTORM: 63215

AFFECTED PRODUCTS

vendor:ipswitchmodel:ws ftp serverscope:eqversion:6.1.0.0

Trust: 1.4

vendor:progressmodel:ws ftp serverscope:eqversion:6.1.0.0

Trust: 1.0

vendor:ipswitchmodel:ws ftp serverscope:eqversion:6.1.0

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:neversion:6.1.1

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:neversion:7.1

Trust: 0.3

sources: BID: 27573 // JVNDB: JVNDB-2008-004031 // CNNVD: CNNVD-200802-066 // NVD: CVE-2008-0590

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0590
value: HIGH

Trust: 1.0

NVD: CVE-2008-0590
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200802-066
value: CRITICAL

Trust: 0.6

VULHUB: VHN-30715
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-0590
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30715
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-30715 // JVNDB: JVNDB-2008-004031 // CNNVD: CNNVD-200802-066 // NVD: CVE-2008-0590

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-30715 // JVNDB: JVNDB-2008-004031 // NVD: CVE-2008-0590

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200802-066

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200802-066

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-004031

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-30715

PATCH
title:WS_FTPurl:http://www.ipswitchft.com
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-004031

EXTERNAL IDS
db:NVDid:CVE-2008-0590
Trust: 2.8
db:BIDid:27573
Trust: 2.0
db:SECUNIAid:28753
Trust: 1.9
db:EXPLOIT-DBid:5044
Trust: 1.8
db:VUPENid:ADV-2008-0400
Trust: 1.7
db:SREASONid:3609
Trust: 1.7
db:JVNDBid:JVNDB-2008-004031
Trust: 0.8
db:CNNVDid:CNNVD-200802-066
Trust: 0.7
db:SEEBUGid:SSVID-65169
Trust: 0.1
db:VULHUBid:VHN-30715
Trust: 0.1
db:PACKETSTORMid:63215
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30715 // 
            
            
            
            BID: 27573 // 
            
            
            
            JVNDB: JVNDB-2008-004031 // 
            
            
            
            PACKETSTORM: 63215 // 
            
            
            
            CNNVD: CNNVD-200802-066 // 
            
            
            
            NVD: CVE-2008-0590

REFERENCES
url:http://www.securityfocus.com/bid/27573
Trust: 1.7
url:http://www.securityfocus.com/archive/1/487441/100/0/threaded
Trust: 1.7
url:https://www.exploit-db.com/exploits/5044
Trust: 1.7
url:http://secunia.com/advisories/28753
Trust: 1.7
url:http://securityreason.com/securityalert/3609
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/0400/references
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0590
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0590
Trust: 0.8
url:http://www.ipswitch.com/products/ws_ftp/home/index.asp
Trust: 0.3
url:/archive/1/487441
Trust: 0.3
url:http://www.ipswitchft.com/support/ws_ftp_server/releases/wr611.asp
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:https://psi.secunia.com/?page=changelog
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://secunia.com/product/14782/
Trust: 0.1
url:http://secunia.com/advisories/28753/
Trust: 0.1
url:http://www.milw0rm.com/exploits/5044
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30715 // 
            
            
            
            BID: 27573 // 
            
            
            
            JVNDB: JVNDB-2008-004031 // 
            
            
            
            PACKETSTORM: 63215 // 
            
            
            
            CNNVD: CNNVD-200802-066 // 
            
            
            
            NVD: CVE-2008-0590

CREDITS
securfrog@gmail.com is credited with the discovery of this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 27573 // 
            
            
            
            CNNVD: CNNVD-200802-066

SOURCES
db:VULHUBid:VHN-30715
db:BIDid:27573
db:JVNDBid:JVNDB-2008-004031
db:PACKETSTORMid:63215
db:CNNVDid:CNNVD-200802-066
db:NVDid:CVE-2008-0590

LAST UPDATE DATE
2024-11-23T22:28:10.138000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-30715date:2019-08-13T00:00:00
db:BIDid:27573date:2015-05-07T17:33:00
db:JVNDBid:JVNDB-2008-004031date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200802-066date:2020-05-11T00:00:00
db:NVDid:CVE-2008-0590date:2024-11-21T00:42:27.337

SOURCES RELEASE DATE
db:VULHUBid:VHN-30715date:2008-02-05T00:00:00
db:BIDid:27573date:2008-02-02T00:00:00
db:JVNDBid:JVNDB-2008-004031date:2012-09-25T00:00:00
db:PACKETSTORMid:63215date:2008-02-04T18:20:45
db:CNNVDid:CNNVD-200802-066date:2008-02-05T00:00:00
db:NVDid:CVE-2008-0590date:2008-02-05T12:00:00